New Strategies to Address Security Skills Gap

As cyber threats rise, industry experts see an opportunity to involve government and private entities in building the capacity of security professionals though effective partnerships and cybersecurity clusters.

The discussion emerged during the recent Cyber 360 event in Bangalore.

Information security experts say industries can play a major role in promoting innovation and skill development to help bridge the widening gap between industry's needs and academia's ability to meet those needs.

Other experts support the view, saying innovation drives economic transformation, and cyber challenges will pave the way to growth in new capacity and skills.

Skills Gap

Leaders stress the need to focus on financial and technology support for incubating entrepreneurs who wish to build cybersecurity solutions and talent. Some say the industry should see local cybersecurity solutions being supported with soft funding and support from the government.

Kinshuk De, head, business operations, enterprise security risk management at TCS, strongly believes India must develop a workforce as an enabling national asset to meet domestic and global security market needs - expected to grow to $120.1 billion by 2017.

"There's a need to formulate a national framework for the creation of a cybersecurity workforce or adapt globally recognized frameworks such as National Initiative for Cyber Security Education of USA," he says.

Experts say there's a need to train 500,000 in cybersecurity skills by 2020.

"While securing our own infrastructure, India has the opportunity of exporting security services to the extent of over $20 billion," De says.

Cybersecurity is a global phenomenon, so it requires international cooperation, leaders say. India must develop an organizational, policy and legal framework to forcefully represent itself from a position of strength and guard India's national security concerns and interests.

"Cybersecurity, which constitutes about 1 percent of the total IT industry currently, will grab a 10 percent share by 2025," says Cyber Task Force's Pawar. "Also, cybersecurity is estimated to be a $35 billion industry by 2025, creating 1 million jobs over time. This calls for various stakeholders to join in creating these jobs."

The reason for the skills gap is lack of communication between industry stakeholders and lack of experience in gauging India's skill potential, says Bruce McConnell, senior vice president at the East-West Institute.

Ways to Build Capacity

Most experts see the need to create five regional security R&D and innovation hubs comprising security industry clusters, and academic institutions focused on cybersecurity skills over next five years.

They also see the need to groom 100-plus companies in high-end security products and solutions, besides fostering extensive overseas collaborations through alliances, partnerships and joint ventures, while allowing 100 percent FDI in critical technology areas of ICT security.

TCS' De says private industries must invest in developing security products and also impart specific skills and training to future professionals. According to De, the proposed action plan will include:

Mandate 100 universities and colleges to gear up and offer education in ICT security at graduate, post-graduate and PhD levels over the next five years. Foster extensive collaboration with overseas universities for faculty and course content.

Build a national cadre for cybersecurity to mandate creating an independent cadre alongside ICT Jobs;

Foster role-based skill classification and allocation in organizations, including security provisioning; operations and maintenance; defense and protection; investigation; analysis; information collection and support, on the lines of NICE or its equivalent tailored for India.

Take aggressive and focused steps to globalize the cybersecurity workforce to foster global research and technology collaborations;, integrate the cybersecurity and ICT workforce and position globally; and build regional security innovation hubs for global clients.

"We as a task force will submit our recommendations to the government - incorporating funding strategy, spotting talent, policy changes in helping start-ups develop the required cyber products and solutions and also actionable plan of action," Pawar says. "Carrying out a hackathon on a periodic basis across states to master cyber hacking techniques is in the cards "

East West's McConnell suggests forming non-profit information sharing groups across sectors to exchange information and plan working groups to run courses for professionals.

"The information sharing groups will help build effective collaboration between various stakeholders including security operators to help corporate and government bodies assess the need and evolve a course structure," he says. "These groups will bring in international best practices with vendors' support to develop the necessary wherewithal to build cyber capacity in India."

About the Author

Nandikotkur is an award-winning journalist with over 20 years' experience in newspapers, audio-visual media, magazines and research. She has an understanding of technology and business journalism, and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a Group Editor for CIO & Leader, IT Next and CSO Forum.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.